scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-04 04:08:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use FQDN for SERVICEACCOUNT_ISSUER in tests

Browse Source
This commit is contained in:
Michael Taufen
2021-02-04 10:40:40 -08:00
parent aacd157c2e
commit 8418fd9b15
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
cluster/gce/config-test.sh
View File

@@ -556,9 +556,14 @@ ROTATE_CERTIFICATES=${ROTATE_CERTIFICATES:-}
# into kube-controller-manager via `--concurrent-service-syncs` # into kube-controller-manager via `--concurrent-service-syncs`
CONCURRENT_SERVICE_SYNCS=${CONCURRENT_SERVICE_SYNCS:-} CONCURRENT_SERVICE_SYNCS=${CONCURRENT_SERVICE_SYNCS:-}
# The value kubernetes.default.svc is only usable in Pods and should only be # The value kubernetes.default.svc.cluster.local is only usable for full
# set for tests. DO NOT COPY THIS VALUE FOR PRODUCTION CLUSTERS. # OIDC discovery flows in Pods in the same cluster. For some providers
export SERVICEACCOUNT_ISSUER='https://kubernetes.default.svc' # with configurations that support non-traditional KSA authentication methods,
# this value may make sense, but if the expectation is traditional OIDC, don't
# use this value in production. If you do use it, the FQDN is preferred to
# kubernetes.default.svc, to avoid something outside the cluster attempting
# to resolve the partially qualified name.
export SERVICEACCOUNT_ISSUER='https://kubernetes.default.svc.cluster.local'
# Optional: Enable Node termination Handler for Preemptible and GPU VMs. # Optional: Enable Node termination Handler for Preemptible and GPU VMs.
# https://github.com/GoogleCloudPlatform/k8s-node-termination-handler # https://github.com/GoogleCloudPlatform/k8s-node-termination-handler